Open use of Twitter, Facebook a concern: WatchGuard

Internet security provider, WatchGuard Technologies, are "alarmed" by survey results that revealed some Australian IT professions do not consider social media to be a potential risk.

The survey, commissioned by WatchGuard, was conducted with 157 IT professionals - including IT managers and CIOs - in March 2011.

The results showed that social media use within business was on the rise, with 82 per cent of organisations allowing employee access to social networking sites such as Twitter, Facebook, and LinkedIn. Video streaming was also popular, with 76 per cent of businesses allowing employee access to streaming sites such as YouTube.

WatchGuard A/NZ regional director, Scott Robertson, told Computerworld Australia that he was surprised by the results.

"We know businesses use these forms of social media to manage and promote their own brands," he said. "But we were alarmed at how many businesses were leaving these online applications open."

While Roberston acknowledged that IT managers were trying to handle potential exposure with the risk of employee revolt if they were not allowed access to social networking sites, he said all users should upgrade their accounts to only use the secure versions of Twitter and Facebook, which were rolled out in March.

Security priorities that were high on the list included data protection, securing mobile devices and email encryption.

More than one in five organisations stated that email encryption was now a requirement for their business. According to the survey, this was in response to the increasing need to protect data in transit for mobility purposes.

47 per cent of the professionals surveyed cited prevention of theft and inappropriate disclosure as their top investment, while 44 per cent cited the need to provide security for a mobile workforce. Other drivers included compliance and prevention of unauthorised employee access to data.

Mobility took the top two places in the list of security priorities for 2011, with 65 per cent nominating the need to secure mobile devices such as smart phones and memory sticks as their most important task. Another 57 per cent stated that their greatest priority was remote access for employees. Network access control (52 per cent) and threat detection and monitoring (50 per cent) were also priorities for many organisations. The four least important priorities for 2011 were identity management, incident or attack response, extranet security, and regulatory compliance.

Robertson also said that the priority for IT managers was to adapt organisational security measures to suit the new mobile hardware environment.

"The biggest challenge is to prevent both intentional and unintentional data leakage," he said. "The tools to achieve this do exist, but right now most organisations are still in a state of catch up.

"Over the next year there will be a big focus on putting in place mobility strategies and tools, after which we anticipate attention to turn to the bandwidth and security issues of social media."

From a market point of view, he said there was an increasing interest in Australia to explore data leakage offerings.

"There are a number of products out there that offer comprehensive data leakage," Robertson said. "One of the difficulties IT managers face is to understand what data content should be shared and not shared.

"There are certain things that are used, such as document fingerprinting, which only gives access to some people."

Robertson said he was pleased that data protection was high on priorities but felt more could be done to prevent data leakage.

"Australia is lagging behind countries, such as the US and UK, where data leakage is penalised," he said. "Companies there are held responsible for any customer data leakage and sensitive information."

According to Robertson, local policy makers needed to consider taking this more seriously because of the recent hack of UK-based cosmetics company, Lush.

"Their customers in Australia and New Zealand had credit card details hacked, but this only became public after it was exposed through the press," he said. "At a legislative level, should this business not be held responsible?

"If policies and penalties are attached to data leakage we would see a faster rate of adoption."

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.